How do airports remain safe against the constant threat of cyber-attacks?

The perfect storm of cyber-security

Constant developments within the cyber industry have resulted in old systems becoming more vulnerable to advances, and the inability to accurately identify threats means we are just waiting for disaster to strike. New technology is being implemented quicker than it can be secured, and many systems are just an open invitation to malicious attacks. A perfect example of this is the speed at which IoT has expanded. In practise IoT will help individuals in organisations make better decisions based on real-time data. However, if the data fed is wrong or skewed in some way, the outcomes can be drastically different.

There is a magnitude of laws and regulations which are limited and inconsistent; this means that there is a gap within the framework through which exploitation can occur. Regarding airports, this means that sensitive material is available to manipulate. Moreover, there is limited interconnectivity between systems which allows for threats to go undetected for months.

Furthermore, this perfect storm of cyber-security comes from an array of unpredictable entities. In International Airport Review’s recent webinar, Mark Weatherford, Global Information Security Strategist at Booking Holdings, said: “The unfortunate thing is a lot hasn’t changed in the past decade or so”, resulting in a range of problems in the industry. He highlighted “the supply chain ecosystem has become significantly more complicated and complex over the past decade, and we’ve become incredibly dependent on cyber-security as part of that supply chain ecosystem”.

The physical and digital worlds are becoming increasingly blurred and supply chains must now focus on effectively converging.

Security convergence

Security convergence refers to the convergence of two historically distinct security functions – physical security and information security – within enterprises. Both are integral parts of any coherent risk management plan.

It is important because control systems, physical security and IT security are now converging on an incredibly regular basis. Where we previously saw silos in companies, many are now merging and integrating these systems. This means that the system efficiency has increased incredibly, but at what cost?

Security convergence has become a critical factor in airport cyber-security and risk management. Technology is driving convergence, but as the rate of progression within the security industry continues exponentially, each of these new technologies is not an isolated procedure.

Security convergence has many positives and progresses throughout an organisation, including:

• Eliminating organisational silos
• Situational awareness
• More unified and strategic governance
• Efficient people, processes and technologies
• Eliminating duplicate processes
• More control over the distribution of resources
• Strategic planning of security resources.

Cultural changes

For many organisations, increasing their security means changing their cultural concerns around it.

The perception that physical security personnel are more blue collar, while the IT security industry is considered more white collar is one that needs to be overcome. This creates a divide within the workforce which has the potential to become the biggest threat to a security system. There is a need to bridge the gap between physical and IT security and look upon it as one entity.

Airports are taking action to reduce the rate of insider offending. A focus on the employee to make sure that they are content within their role, and that their wellbeing is a priority to the airport, is integral.

In the webinar, Chris Cole at San Antonio Airport highlighted the need to ensure that new employees are the right fit for the role. This comes from extensive background checks to make sure that these people will not pose a threat to the integrity of the airport later.

Cole said: “Background checks are effective to a certain extent. I think there are certain signs that a background check can tell us, like theft for instance. We can then say that this person will not be working with a till, and that is something we must be mindful of. However, I think you should look at it a little bit more like a collusion type of activity. At San Antonio Airport we’re looking at technology that doesn’t give us a disqualifier for an individual but raises the question as to the level of access we are prepared to give them. I think background checks are good, but I do believe we could do better.”

This cultural change does not just apply to how security services at the airport are received but stretches across how employees are managed. Frank discussions about mental health and wellbeing are crucial to employee satisfaction which in turn can limit and potentially mitigate the insider threat.

Insider threat

The webinar informed us that 46 per cent of the most costly cyber-crimes were conducted by an insider. This emphasises just how important it is to detect, mitigate and prevent insider attacks.

The size of an airport poses the first problem when considering how an insider can carry out such an attack. So many people use airports, from passengers, to contract workers, construction workers, badged employees and airline workers. Additionally, airports have many access points meaning it is even easier to gain quick entry, and then leave again under the radar.

There are three kinds of insider threat: Comprised user, those who do not know they are compromised; careless users, those who leave computers or terminals unlocked or otherwise are careless with the security measures they take; and the malicious users, who usually have legitimate access to the system and wilfully take the data or information that is available to them.

Cole explained how San Antonio Airport has gone about implementing best practise across the airport to ensure that insider threats are not as crippling as they can be. The focus on background checks, random inspections and a constant investment in technology will help to detect abnormal behaviour. He said: “In most cases, airport operators don’t control the hiring process, or even the vetting of the employees. We do it to meet the TSA requirements, but we don’t do a lot of their vetting until the employee applies for a badge. So that makes it complicated for airports. Lots of badges, that’s the challenge, when you talk about an insider, anyone could pose an insider threat.”

Jupp Gill from AlertEnterprise also discussed how following the prevent, detect, mitigate model allows technology to assist in protection. He said: “The prevention starts with the onboarding process. We control access permissions before they are administered.”

Patterns of behaviour

When insider threats are considered, the thought process is often about detecting the threat rather than putting an initial stop to it. With the help of developed technologies, management can detect warning signs and act on them before a threat arises.

With the use of CCTV, normative behavioural patterns of staff can be witnessed and documented. This means that if, and when, there is a change to what is expected, airports have the time to stop a threat before it can materialise.

With the physical changes in someone’s behaviour, the digital footprint they leave can be just as telling. With badged employees there is a physical footprint and change which can be intercepted before a malicious attack is carried out.

When asked if there any regulations in place in the U.S. to reduce cyber-security threats at airports, Cole answered: “From the airport side, the TSA has issued information guidance that can be forwarded onto the IT department working for the security side of airport operations, but this is more of a best practise type guidance than strict regulations. When I attended a Federal Emergency Management Agency (FEMA) event it was evident that cyber-security is vital to our homeland security. San Antonio Airport is working with the wider community to ensure that if an attack occurs, we know how to respond.”

Moving forward

Digital transformation within airports has produced major advancements in productivity, efficiency and customer experience. But it is clear that the transformation has also opened up new blended cyber-physical risks that could bring airport operations to their knees. With the help of advanced technologies to detect threats, the convergence of systems which remove silos from companies and the change in the cultural practises within organisations, companies can boast a secure cyber-environment. Additionally, a focus on the employee, both professionally and in terms of wellbeing, can ensure that the insider threat is caught before it makes the airport vulnerable. From patterns of behaviour, to digital footprints, airports can protect themselves against the threat from within.